Everyday is lazarus.dayβ

Kimsuky Group's Spear Phishing Detected by AhnLab EDR (AppleSeed, AlphaSeed)

2024-02-14, AhnLab
#Kimsuky #AlphaSeed #AppleSeed


The Kimsuky threat group, believed to be backed by North Korea, has been active since 2013. It initially targeted North Korea-related research institutes in South Korea, attacked a South Korean energy corporation in 2014, and has expanded its attacks to other countries since 2017 [1]. The group has mainly targeted the national defense, defense industry, media, government, and academic sectors in order to steal internal data and technologies [2] (this report is currently available in Korean only).
The Kimsuky group uses various malware strains depending on the attack; the most notable case is the installation of the AppleSeed and AlphaSeed malware strains. These attacks have continued for several years, and AhnLab has described the group’s attacks in detail in past articles: “Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)” [3] and the more recent “Trend Analysis on Kimsuky Group’s Attacks Using AppleSeed” [4].
This article discusses the case in which the …